Posted by: David Harley | March 21, 2017

More Warnings to Mac Users

You go for years thinking that hardly anyone is interested in reminding Mac users that they can be caught out by malware too, and then you get three articles at once beating the same drum, or at any rate to much the same rhythm. Yesterday, as I remarked in an earlier blog, there was a very nice article by Thomas Reed for Malwarebytes: Mac Security Facts and Fallacies.

And today, along come a couple more. One is from the Cylance Threat Guidance Team (Threat Spotlight: Mac Malware): since it mentions me, I should say that while I’m fundamentally in agreement with the article, I have to clarify that though I was drafted into the WildList Organization to implement a Mac WildList, it didn’t (for various reasons) get beyond the planning stage. Anyway, the article seems to throw a little more light on the threat ESET calls OSX/Filecoder.E, as discussed in a blog by Marc-Etienne M.Léveillé from 22nd February – New crypto-ransomware hits macOS. There are some other links to information about OSX/Filecoder.E on this site: OSX/Filecoder.E Ransomware Recovery.

The other is by Bill Brenner for Sophos: Your Mac is not malware-proof: a look at the threats and defenses. Sophos believes that there is other macOS-targeting malware incoming, including ransomware. Sophos researcher Xinran Wu is quoted as saying that ‘MacOS tends to be more a victim of nuisance programs known as potentially unwanted applications (PUA) – adware, for example.’ (Thomas Reed made much the same point in his article for Malwarebytes.) And I agree with him that apart from PUAs, the unequivocal malware that we’ve seen for OS X/macOS has tended to be targeted. However, the way it’s expressed in that article seems to imply that malware is either targeted or drive-by. And, of course, drive-by downloads are a considerable problem, but they’re not the only problem – there’s plenty of other malware (I’m talking malware in general, not Mac-specific stuff) that uses other vectors and doesn’t rely on vulnerabilities in applications. Still, there are plenty of useful links in the article.

David Harley
